Tunneling is a technique used in computer networks to aggregate and encapsulate a first network protocol inside a second network protocol of a protocol stack, sometimes referred to as a communications stack. Protocol tunnels are commonly used to deliver other protocols across non-compatible networks, bypass firewalls, improve security, or improve fairness in bandwidth consumption. The first network protocol is typically referred to as the “payload protocol.” The payload protocol executes at or below the same layer of the protocol stack as the tunnel protocol. The second network protocol is typically referred to as the “delivery protocol”, the “tunnel protocol”, or simply the “tunnel”. The payload protocol typically contains a packet generated by a higher layer protocol and passed down the protocol stack. The higher layer protocol is referred to as the “end-to-end protocol.”
A well-known model for describing the protocol stack is the Open Systems Interconnection (OSI) model 50, shown in FIG. 2. The OSI model divides the stack into seven layers: physical layer 52, data link layer 54, network layer 56, transport layer 58, session layer 60, presentation layer 62, and application layer 64. When a device wishes to communicate using the OSI model 50, data 66 from one of the higher layers is passed down through each of the subsequently lower layers. At each of the lower layers, a protocol executing on that layer acts on the data from the next higher layer and passes the data to the next lower level. For example, data 66 from one of the higher levels may be passed to the transport layer 58. The Transmission Control Protocol (TCP) executing on the transport layer adds a header 80 (see FIG. 3) and passes a segment 68 to the network layer 56. The Internet Protocol (IP) executing on the network layer 56 adds another header and passes a packet 70 to the data link layer 54. A protocol executing on the data link layer 54 encapsulates the packet 70 into a frame 72 and passes the frame 72 to the physical layer 52. Finally, the physical layer 52 converts the frame 72 into a bit stream 74 for transmission over a network to another device. When the bit stream is received by the other device or “receiving device”, the data is passed back up through the protocol stack of the receiving device, and each layer strips the header corresponding to that layer, which was added by the sending device, and presents the data 66 to an application executing on the receiving device. It should be noted that, although examples used herein will refer to the OSI model, use of the OSI model and references to specific protocols are not intended to be limiting. It is understood that the present invention may operate using other models of the protocol stack, such as the TCP/IP model, and other protocols executing on each layer.
A TCP tunnel is used to encapsulate and aggregate the output from an end-to-end protocol from a layer at or below the transport layer 58 into a single TCP segment. The TCP tunnel is created by initializing a first TCP socket using an internet socket application programming interface (API). A TCP socket is one of the endpoints for TCP communication and includes a local IP address and port number. The socket API then initializes a TCP connection with another endpoint that has already created a TCP server socket and bound the TCP server socket to a port. Once the TCP connection between the two sockets is established, data can be read from and written to the TCP socket using the socket API. The output from an end-to-end protocol is provided as the data 66, or payload, to the tunneling application. The payload is then encapsulated within a TCP segment and transmitted over the TCP connection. For example, a user datagram protocol (UDP) datagram may be provided as the payload to the tunneling application and encapsulated within a TCP segment because UDP and TCP are both protocols that execute on the transport layer 58 in the OSI model 50. The tunneling application may then send the TCP segment, in which the UDP datagram is encapsulated, over the TCP connection. Traffic over the TCP connection is managed, at least in part, by the TCP protocol executing on the transport layer 58.
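Because TCP delivers a byte stream with no message boundaries, a tunneling application that carries UDP datagrams in the way just described has to add its own framing so the receiver can recover each datagram intact. The following is an added example, not code from the text above: it frames each datagram with a 2-byte big-endian length prefix (the convention DNS uses for TCP transport) and reassembles frames from a stream that may arrive in arbitrary chunks. The framing format, function and class names are this example's own assumptions.

```python
"""Added example: framing UDP datagrams inside a TCP byte stream.

TCP hands the receiver bytes, not messages, so a UDP-over-TCP tunnel needs
explicit framing.  The 2-byte length prefix used here is an assumption of
this example, not a format prescribed by the description above.
"""
import struct
from typing import List, Sequence, Tuple

MAX_DATAGRAM = 0xFFFF  # largest length a 2-byte prefix can describe


def encapsulate(datagram: bytes) -> bytes:
    """Wrap one UDP payload in a length-prefixed tunnel frame."""
    if len(datagram) > MAX_DATAGRAM:
        raise ValueError(f"datagram of {len(datagram)} bytes exceeds framing limit")
    return struct.pack("!H", len(datagram)) + datagram


class Decapsulator:
    """Reassembles tunnel frames from an arbitrarily chunked TCP stream.

    TCP may deliver half a frame, or several frames at once; feed() accepts
    whatever arrived and returns every complete datagram extractable so far,
    keeping any trailing partial frame for the next call.
    """

    def __init__(self) -> None:
        self._buf = bytearray()

    def feed(self, chunk: bytes) -> List[bytes]:
        self._buf += chunk
        out: List[bytes] = []
        while len(self._buf) >= 2:
            (length,) = struct.unpack_from("!H", self._buf, 0)
            if len(self._buf) < 2 + length:
                break  # frame not yet complete; wait for more bytes
            out.append(bytes(self._buf[2:2 + length]))
            del self._buf[:2 + length]
        return out

    def pending(self) -> int:
        """Bytes buffered that do not yet form a complete frame."""
        return len(self._buf)


def chunked_roundtrip(datagrams: Sequence[bytes], chunk_size: int) -> Tuple[List[bytes], int]:
    """Encapsulate datagrams, replay the stream in chunk_size pieces as TCP
    might deliver it, and return (recovered datagrams, leftover bytes)."""
    stream = b"".join(encapsulate(d) for d in datagrams)
    rx = Decapsulator()
    recovered: List[bytes] = []
    for i in range(0, len(stream), chunk_size):
        recovered.extend(rx.feed(stream[i:i + chunk_size]))
    return recovered, rx.pending()


if __name__ == "__main__":
    # Constructed sample datagrams, including an empty one (legal in UDP)
    # and one that spans many stream chunks.
    sample = [b"dns-query", b"", b"x" * 300]
    got, leftover = chunked_roundtrip(sample, 7)
    print(got == sample, leftover)
```

A real tunnel would wrap `encapsulate` around `socket.sendall` on the tunnel connection and run `Decapsulator.feed` on every `recv` result; the in-memory `chunked_roundtrip` stands in for that stream so the framing logic can be exercised offline.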
The TCP protocol was designed for reliable and ordered delivery of communications. In order to help prevent lost communications, the TCP socket receiving data, or TCP receiver, establishes a receive window, or buffer, in which incoming data is stored. The TCP receiver uses a flow control protocol to adjust the receive window in order to efficiently handle data reception. The TCP socket sending data, or TCP sender, executes a congestion control algorithm. The congestion control algorithm establishes a maximum number of packets that can be sent before an acknowledgement is received from the other TCP socket, in order to control the rate at which data enters the network. The TCP protocol additionally utilizes error detection and correction techniques to detect, for example, lost or duplicate segments and to retransmit lost segments or discard duplicate segments.
However, if a TCP tunnel is carrying another TCP segment, known as TCP-over-TCP, a problem commonly known as “TCP meltdown” may occur. TCP meltdown typically occurs when the congestion control and error correction algorithms of both the TCP tunnel protocol and the TCP end-to-end protocol attempt to correct errors in transmission. Each TCP protocol may attempt to correct errors at a different rate, and both TCP protocols may attempt to resend lost packets. The competing error correction algorithms may overwhelm the network bandwidth, hence reducing transmission rates and increasing traffic with retransmitted segments. If, for example, a lost segment is detected by the tunnel TCP protocol, the tunnel TCP protocol will attempt to retransmit the lost segment. However, the TCP payload encapsulated within the tunnel TCP segment is necessarily lost as well. Consequently, the end-to-end protocol, which first generated the TCP payload, will also attempt to retransmit the lost TCP payload, generating additional traffic.
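The double retransmission described above can be made concrete with a simple accounting model. The following is an added example, not code or data from the text: it is a deliberately simplified model, not a TCP implementation, in which each end-to-end segment rides in one tunnel segment, a chosen set of tunnel segments is lost once on the link, and the inner TCP fires its own retransmission whenever the tunnel's recovered copy cannot be acknowledged before the inner retransmission timeout (RTO) expires. The timing parameters, the single-loss assumption and the function names are constructed for illustration; the model generalizes the text by showing the condition under which both layers retransmit and by contrasting a TCP tunnel with a non-TCP tunnel.

```python
"""Added example: a toy accounting model of TCP-over-TCP retransmission
amplification.  Constructed for illustration; it is not a faithful TCP
implementation, and all timing parameters are assumptions.
"""
from dataclasses import dataclass
from typing import Set


@dataclass
class Tally:
    link_transmissions: int = 0    # tunnel segments put on the wire
    tunnel_retransmits: int = 0    # recoveries performed by the tunnel TCP
    inner_retransmits: int = 0     # recoveries performed by the end-to-end TCP
    duplicates_discarded: int = 0  # inner segments the receiver already had


def simulate(n_segments: int, dropped: Set[int], *, tunnel_is_tcp: bool,
             rto_tunnel: float, rto_inner: float, one_way: float) -> Tally:
    """Count wire transmissions needed to deliver n end-to-end segments.

    End-to-end segment i is handed to the tunnel at time i (arbitrary units)
    and is lost once on the link if i is in `dropped`.  With tunnel_is_tcp
    the tunnel recovers the loss itself after rto_tunnel; the inner TCP
    additionally retransmits if the acknowledgement for the recovered copy
    cannot reach it before its own rto_inner expires.  Without a TCP tunnel
    only the inner TCP recovers.
    """
    t = Tally()
    for i in range(n_segments):
        sent_at = float(i)
        t.link_transmissions += 1
        if i not in dropped:
            continue
        if tunnel_is_tcp:
            # Tunnel-layer recovery: the payload reaches the far end only
            # after the tunnel RTO plus one more one-way trip.
            t.tunnel_retransmits += 1
            t.link_transmissions += 1
            payload_arrives = sent_at + rto_tunnel + one_way
            ack_back = payload_arrives + one_way
            if ack_back > sent_at + rto_inner:
                # The inner TCP timed out first and resent on its own; the
                # tunnel carries that copy too, and the inner receiver
                # discards it as a duplicate.  Two extra wire transmissions
                # for one loss is the amplification the text describes.
                t.inner_retransmits += 1
                t.link_transmissions += 1
                t.duplicates_discarded += 1
        else:
            # Non-TCP tunnel (e.g. UDP): exactly one recovery, by the inner TCP.
            t.inner_retransmits += 1
            t.link_transmissions += 1
    return t


if __name__ == "__main__":
    # Constructed scenario: segment 3 of 10 is lost; inner RTO is shorter
    # than the time the tunnel needs to recover and be acknowledged.
    common = dict(rto_tunnel=3.0, rto_inner=2.0, one_way=0.5)
    print("TCP tunnel:    ", simulate(10, {3}, tunnel_is_tcp=True, **common))
    print("non-TCP tunnel:", simulate(10, {3}, tunnel_is_tcp=False, **common))
```

The interesting parameter is the inner RTO relative to the tunnel's recovery time (`rto_tunnel + 2 * one_way` in this model): when the inner timer is the shorter of the two, every single link loss costs two retransmissions instead of one, and the duplicate copy adds load to a link that was already dropping segments.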
A TCP tunnel can also increase the round-trip time (RTT) of an end-to-end TCP stream by approximately four times, which causes a decrease in the throughput of a TCP flow by as much as 60%. For example, sample data sent from the TCP sender of the end-to-end TCP connection generates a first segment which gets encapsulated as the payload of the second segment generated by the TCP sender of the TCP tunnel. The second segment generated by the TCP tunnel is first acknowledged (ACK) by the TCP receiver of the TCP tunnel, and the TCP receiver of the TCP tunnel extracts the payload from the second segment. The payload extracted from the second TCP segment is then processed by the TCP receiver of the end-to-end TCP connection, which will generate a second acknowledgement (ACK). The second acknowledgement must be returned to the TCP sender of the end-to-end TCP connection. The TCP receiver of the end-to-end TCP connection now acts as a sender and encapsulates the ACK as data in a return payload. The TCP receiver of the TCP tunnel now also acts as a sender and generates another TCP segment to return the encapsulated ACK to the original TCP sender of the TCP tunnel. This return segment must also be acknowledged by the TCP sender of the TCP tunnel and the payload extracted therefrom. The encapsulated acknowledgment is finally returned to the original TCP sender of the end-to-end TCP connection. As demonstrated, two acknowledgments are required for each end-to-end TCP segment. The requirement for two acknowledgements both reduces bandwidth and increases the RTT for the TCP tunnel.
Attempts to solve the TCP meltdown and increased RTT problems have not been without drawbacks. Presently, TCP segments are carried by tunnels created using other protocols, such as UDP, Internet Protocol Security (IPsec), or Generic Routing Encapsulation (GRE). However, many networks do not support these protocols and require that the tunnel also be created using the TCP protocol.
Other solutions have proposed modifications to the TCP layer, for example by using selective acknowledgements (SACKs) and explicit congestion notification (ECN) bits of the TCP header. However, such modifications require that both endpoints of the TCP connection support the modified TCP layer, limiting the usefulness of the solution to TCP connections established between endpoints having the modifications.
Therefore, it would be desirable to provide a method of TCP tunneling that supports TCP-over-TCP tunneling that may be implemented on a single end of the TCP connection.